This invention relates generally to masking sensitive data in databases and in particular to creating secure virtual databases that store sensitive data obtained from a source database as masked data.
Software applications used by enterprises often incorporate sensitive data for which access must be carefully controlled. Certain privileged users may be allowed access to the sensitive data. However, several users of systems of an enterprise may not be given access to the sensitive data. These users need to handle representative data for specific purposes. For example, if there is a defect or bug in a program, developers and testers often need to reproduce the conditions under which the defect was caused. This often requires using the original dataset, for example, to reproduce the original conditions. However, the developers and testers are not privileged users and are not allowed to have access to the sensitive data. Enterprises often use data masking to transform or obfuscate the sensitive data such that the original sensitive data cannot be discerned by users.
This masking operation is typically handled by people specializing in information technology (IT) infrastructure management, and involves creating copies of the data and masking them before making the copies available to the developer. This process is time consuming and cumbersome. Furthermore, keeping copies of masked data requires additional storage. If developers and testers make copies of the original dataset on a regular basis, the amount of additional storage used for storing the masked data can become significant. Conventional data masking techniques have shortcomings in the way they make secure data available to application developers and the way the secure data is stored. These shortcomings become worse when applied across multiple application versions, distributed development teams, and different security roles.